'Malvertising' Network Caught Spreading Malware Via Ads

Credit: Malwarebytes

(Image credit: Malwarebytes)

Even cybercriminals have their own versions of fall fashion trends. This year, it's malvertising, or using online advertising networks to spread malicious software. Last Friday, Google had to take drastic measures to shut down a malvertising attack that was spreading through its Google Doubleclick ad service.

The malware originated on the Zedo ad-distribution platform and was primarily affecting the websites of Last.fm, the Times of Israel and The Jerusalem Post. Google stopped it by severing Zedo's connection with Google Doubleclick.

MORE: Best Mac Antivirus Software 2014

The malicious ads contained the Zermot downloader, malware whose main purpose is to install yet more malware onto an infected computer. The websites that hosted the ads were not themselves infected, and Google has confirmed that its Doubleclick service is not infected either.

Though this particular attack is apparently over, the number of infected users might be in the millions, Jerome Segura of computer-security company Malwarebytes told Ars Technica.

Malvertising has been on the rise lately: The "Kyle and Stan" malvertising network (yes, named after the kids from the TV show South Park) was recently detected placing malicious ads on reputable sites such as Amazon, Yahoo and YouTube. The researchers who first discovered the Kyle and Stan network say that it's 9 times larger than they had originally thought.

This is no passing trend: malvertising is a powerful method of spreading malware. If criminals can get malicious ads into a reputable ad network, the target pool increases exponentially. Victims don't even have to click on an ad to be infected; the malware could install in the background as a drive-by download.

To decrease the risk of a malvertising infection, consider running an ad-blocking plugin such as NoScript or AdBlock, which prevent ads from appearing in the first place. NoScript, available for Mozilla Firefox, also disables JavaScript by default, letting the user select which JavaScript routines to allow.

While ad and script blockers remove annoying and potentially malicious ads from Web pages, they may also block legitimate content. Using a blocker prevents the online publications you visit from earning the revenue they need to continue serving you. Robust antivirus software can protect against most forms of malvertising without blocking content.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.